CVE-2017-11165
published 2017-07-12

CVE-2017-11165: dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitive credential and configuration information via a direct request for the…

Priority: P273 | critical | 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 64.13% (99.1th percentile)
dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitive credential and configuration information via a direct request for the /services/getFile.cmd?userfile=config.xml URI.

Affected

1 range

Vendor | Product | Version range | Fixed in
thermofisher | dt80_dex_firmware | |

Detection & IOCs (extracted from sources)

url: /services/getFile.cmd?userfile=config.xml
path: /services/getFile.cmd
filename: config.xml
sigma:
matchers: words: ['COMMAND_SERVER', '', 'config id="config'] AND header: 'text/xml' AND status: 200
  • Detect unauthenticated GET requests to /services/getFile.cmd?userfile=config.xml — a successful response (HTTP 200) with Content-Type text/xml containing 'COMMAND_SERVER' and 'config id="config' indicates active exploitation of the information disclosure vulnerability.
  • Use Shodan/FOFA/Google dorks to identify exposed DataTaker DT80 dEX devices: shodan-query 'http.title:"datataker"', fofa-query 'title="datataker"', google-query 'intitle:"datataker"'.
  • Response body from the vulnerable endpoint leaks plaintext credentials (username and password) embedded in the config.xml output.
  • The vulnerability affects DataTaker DT80 dEX firmware version 1.50.012 specifically; the exploit-db advisory also references version 1.350.012, suggesting multiple firmware branches may be affected.
  • No authentication is required to exploit this endpoint; the attack is fully unauthenticated and network-accessible (CVSS AV:N/AC:L/PR:N/UI:N).

CVSS provenance

nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N